Cybersecurity

Microsoft CEO Satya Nadella announced the launch of a new security strategy for the entire Microsoft portfolio on Nov. 17. Except Nadella didn’t call it a strategy — he called it a "posture." In practical terms we'll assume there isn't much difference between the two. Nadella said that security will no longer be an afterthought in product design, but rather a core consideration.

Same As It Ever Was?

Security is top of mind for Microsoft as it develops business around cloud products like Azure and Office 365. But does this announcement herald a new era for Microsoft’s approach to security? According to Garrett A. Bekker III, senior analyst for Information Security with 451 Research, the objectives may be different, but the way Microsoft is going about it is not...

Kaspersky Lab has patented a new technology designed to prioritize data-scanning tasks on virtual machines. The technology significantly speeds up processing of high-priority scan requests in real time, while maintaining virtual machine performance. The patent was granted by the US Patent and Trademark Office.

A corporate virtual environment usually consists of a dedicated virtual machine protected by a security solution and a network of virtual workstations with so-called agents. A network connection is installed between the dedicated virtual machine and the agents, to allow data exchange during on-demand scanning of files (ODS) or on-access scanning of user applications (OAS).

Those in the IT world are always looking to develop the right skill sets that will help them get noticed above their competition. Considering how quickly technology changes, possessing a highly-desired set of skills can lead to better jobs and higher wages. Trends, of course, come and go, and keeping up with what is currently the most in-demand skills can sometimes feel like a job in and of itself. IT workers have to figure out what skills they want to master that will lead to higher chances of employment and greater job stability.

While many companies may be attracted to technical buzzwords being tossed about, one of the hottest IT skill sets is something that mostly avoids the hype: cyber security. Employers are eager to find workers with expertise in security, and the numbers back this up. The fastest growing job category on Dice.com happens to be cyber security, with the number of job postings having jumped by 91 percent compared to last year...

A massive cyberattack at the U.S. Office of Personnel Management (OPM) exposed the personal information of as many as 4 million federal employees. Though this type of news is not unusual, this particular case is different given that a multi-billion-dollar federal civilian cyberdefense systems was hacked.

The cyberdefense systems supposedly protecting the OPM are Department of Homeland Security programs known as Einstein and Continuous Diagnostics and Mitigation (CDM) -- and were hailed as the cornerstone of repelling cyberthreats in real time. Unfortunately this is not actually the case, as it took five months to discover the intrusion -- hackers hit the OPM in December, and the agency did not detect the intrusion until April. How bad the attack really was is still being analyzed...

For as long as anyone cares to remember the biggest inhibitor to cloud adoption has been concerns about security. In fact, when it comes to security the primary enemy has always been integration. By definition, the greater the number of points of integration there are the less secure something is. From an IT security perspective cloud computing, of course, is the ultimate form of integration.

But as much as integration might be part of the problem it’s also a big part of the solution. The more integrated security technologies become the more effective IT security solutions become inside and out of the cloud. For that reason, many IT security vendors are taking advantage of well-documented application programming interfaces (APIs) to drive a wave of alliances that go well beyond the basic marketing agreement...

The Department of Justice (DOJ) has released new guidance on cyber preparedness and incident response, becoming the latest federal agency to do so in recent months. Newly sworn-in Attorney General, Loretta Lynch, has indicated that the investigation and prosecution of cyber crimes will be one of the top priorities of her administration. Although the Guidance sets forth only voluntary standards, companies wishing to minimize potential liability in enforcement actions and/or civil litigation should take notice.

In releasing its “Best Practices for Victim Response and Reporting of Cyber Incidents,” the DOJ's Cybersecurity Unit called upon law enforcement and private industry to share in the effort to improve systems that protect consumer information...

Cloud computing has become ubiquitous for many companies but keeping it secure can be a challenge. Cloud Security Alliance Asia Pacific executive council chairman Ken Low shared the alliance’s top nine threats to the cloud at a Trend Micro event in Sydney.

9: Shared technology vulnerabilities

“In 2014, we have seen some of the most critical vulnerabilities such as Heartbleed which affected OpenSSL. That allowed people access to encrypted data,” said Low. There was also the discovery of the Shellshock vulnerability which affected the Bash shell. “Cloud service providers can scale their services by sharing infrastructure default to applications but the lack of strong isolation properties in monitored environments make them vulnerable,” said Low. He said that virtual patching can stop shared technology vulnerabilities...

Secretary of Defense Ash Carter unveiled the new Department of Defense Cyber Strategy in an address at Stanford University in Silicon Valley, California, April 23, 2015. An update to the original strategy released in 2011, it identifies specific cyber missions for DoD and sets strategic goals to achieve over the next five years and beyond.

These missions and goals will guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. I encourage all to familiarize themselves with the new DoD strategy to gain a better understanding of how it will inform the Army's mission, priorities and way-ahead...

In a February editorial about the buildup of cyber attacks between the United States and Iran, The New York Times quoted President Obama’s observation that, compared with conventional weaponry, cyberweapons provide “no clear line between offense and defense.” For example, getting into the enemy’s networks to exploit its weakness and disable its ability to attack you is both offense and defense.

Citing “major banks, Sony Pictures Entertainment, [and] an electrical utility,” the newspaper observed that such recent examples reveal that even corporate computer systems once considered impregnable are vulnerable to attack. In the borderless world of information technology, in fact, computer-security specialists and corporate risk managers have begun working on the assumption that it’s impossible for companies to keep their networks completely free from penetration...

A group of Columbia University security researchers have uncovered a new and insidious way for a hacker to spy on a computer, Web app or virtual machine running in the cloud without being detected. Any computer running a late-model Intel microprocessor and a Web browser using HTML5 (i.e., 80% of all PCs in the world) is vulnerable to this attack.

The exploit, which the researchers are calling “the spy in the sandbox,” requires little in the way of cost or time on the part of the attacker; there’s nothing to install and no need to break into hardened systems. All a hacker has to do is lure a victim to an untrusted web page with content controlled by the attacker...